Alternatives to CAPTCHA

Earlier we have discussed CAPTCHA, or Completely Automated Public Turing test to tell Computers and Humans Apart, refers to a verification scheme used by sites to ensure that web content is accessed only by persons. In this article I would like to provide more examples and concerns for the different CAPTCHA alternatives.

CAPTCHA has gained much popularity for its apparent effectiveness and ease of implementation. But a valid concern has started to grow among Internet users regarding the use of CAPTCHA in websites. Many people, especially those with disabilities, find it difficult and sometimes impossible to pass this verification method.

To solve this problem, people began thinking of alternatives to CAPTCHA. Below, we take a look at each alternative option, and identify their advantages and drawbacks. Of course, the list is not complete, because only your creativity is the limit, but the most frequent CAPTCHA alternatives are compiled here.

Voice CAPTCHA Alternatives

In this method, the user is given the option to hear the verification code apart from seeing it in the screen. The user needs to activate a button which would play the audio file containing the code. The user can then enter the code on the provided field and proceed to the next processes.

This option is appropriate for blind Internet users and those with visual impairments. However, deaf people and individuals with cognitive disabilities may face problems in using it.

Math Questions

Instead of a graphical code, the user has to answer a simple math question. A common example would be “2 + 2”. The user then has to enter the answer and if it is correct, the system loads the succeeding page.

This option is good for most people. Developers should nonetheless ensure that the math questions are all basic ones. Math questions that are complex may cause difficulties for persons with cognitive disabilities.

Simple Questions

Apart from math questions, developers have tried using simple questions. An example of this is a question such as “What is the second letter of the English alphabet?”.

Simple questions generally work well for Internet users. But concerns may still arise among certain people. For instance, the above example may make it difficult for non-English speakers to quickly provide the answer.

Easy Tasks

Apart from questions, easy tasks can also be used in place of CAPTCHA. For example, a registration form can contain a checkbox that is checked by default. And the checkbox has a label such as “Uncheck the box if you are a human”.

Developers who choose this option should make sure that the tasks are truly easy to follow.

Hidden Fields

This option builds on the idea that robots enter information in a field regardless of whether or not it is visible. Developers use CSS to hide a particular field, rendering it invisible to humans. Here, the system checks if a hidden field has data. If it does, it is most likely filled in by a robot. Otherwise, a human has entered information in the form.

The main problem of this option is that it may be confusing for someone who has deactivated CSS.

Verification Via SMS

In this option, the site asks for the user’s mobile number. After the user has provided this information, the site will send an SMS containing the verification code to the mobile phone. The user then can enter the code in the specified field.

The main problem of this option is that not all persons have mobile phones. In addition, a blind person, for example, may have a mobile phone but it doesn’t have the needed screen reading software. Another issue is that people may use the page from another country.

Confirmation Page

Here, the user enters information in one page and activates a Submit button to proceed to the next page. The next page contains the information the user previously entered, and a Confirm button. This prevents robots from successfully entering information in the system because they normally focus only on the page containing fields.

Developers who choose this option should see to it that the page clearly explains to the users what would happen. Otherwise, some users might think that after clicking on the Submit button, they can leave the site.

determine the time for completing the form

A human normally takes at least half a minute to fill out a form with three to five fields. On the other hand, most robots complete a form automatically, so it doesn't take more than a few seconds.

The system can determine if the form was filled out in a very short amount of time (e.g. ten seconds for three fields). Through the acquired information, the system can determine if the form is filled out by a robot or a human.

Determine if a Java Script is Loaded

This option is for pages running a java script. When the java script has been executed, one can be certain that a human is using the page. Developers can create a way to check this activity. The main problem of this option takes place when the user has deactivated Java scripts.

Use human intervention

Here, the user is asked to send a short request email to the person handling the website. That person can then verify if the sender of the email is a human. Although this option can be very effective, registration may take a longer time to complete.

Verification Through Pictures

The user is presented with a set of pictures, say a cat, a dog, and a bird. The page then tells the user to click on one of the pictures, the dog, for instance.

To help blind users answer this test, developers can include alternate descriptions in the pictures. In this case, the dog picture says “dog”, but robots would find it hard to know what the page wants the user to select.

Identifying Sound

The user clicks on a button to play a sound. The page presents a set of buttons or links containing names of sounds. The user has to click the button whose caption best describes the sound.

The main issue of this option is that it would exclude deaf people from answering the test.

Conclusion

You can see that you have many CAPTCHA alternatives, in reality, only your imagination is the limit. However, regardless of which option you decide to use, please make sure that your chosen CAPTCHA or CAPTCHA alternative is fully accessible to people with disabilities.

Absolutely, you want to filter out the bots as much as you can, but there are different ways to do it.
There's nothing wrong using CAPTCHA as long as it is accessible to all.
You can also have people to register, verify their email address and then allow them to comment. This is usually a turn-down for people who just want to leave a quick comment, and don't want yet another account somewhere.
For a while I put comments on an approval queue, but this didn't seem to work too well either, people wanted to see their legitimate replies, and it was more difficult to join a conversation.
Finally, I decided to let anything in, place an accessible CAPTCHA in place, and I regularly delete the spam that accidentally makes it. This only takes a couple of minutes for this site, and conversation is much more active this way.

Just wanted to follow up on your post. Sounds very interesting. In regards to captcha's we just launched a Image based captcha that you may find interesting to write about. http://confidenttechnologies.com/ check it out and let us know if you find it usefull.

Ben,
I have checked out your product, but it appears that it is not fully accessible to people with disabilities. The fact that you are providing an image based CAPTCHA may eliminate automated attacks, but it also makes it impossible for screen reader users to use your product.
I will be very happy to write about it and promote it, but first we need to ensure that you implement a solution that is usable and accessible to all people.